Diffstat (limited to 'puppet/modules/soledad')
-rw-r--r--puppet/modules/soledad/manifests/client.pp16
-rw-r--r--puppet/modules/soledad/manifests/common.pp6
-rw-r--r--puppet/modules/soledad/manifests/init.pp29
-rw-r--r--puppet/modules/soledad/manifests/server.pp73
-rw-r--r--puppet/modules/soledad/templates/soledad-server.conf.erb11
5 files changed, 84 insertions, 51 deletions
diff --git a/puppet/modules/soledad/manifests/client.pp b/puppet/modules/soledad/manifests/client.pp
new file mode 100644
index 00000000..e470adeb
--- /dev/null
+++ b/puppet/modules/soledad/manifests/client.pp
@@ -0,0 +1,16 @@
+# setup soledad-client
+# currently needed on webapp node to run the soledad-sync test
+class soledad::client {
+
+ tag 'leap_service'
+ include soledad::common
+
+ package {
+ 'soledad-client':
+ ensure => latest,
+ require => Class['site_apt::leap_repo'];
+ 'python-u1db':
+ ensure => latest;
+ }
+
+}
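Review bot: Both packages in this new class use `ensure => latest`, so any agent run can upgrade to whatever version the repository serves at that moment, whereas server.pp in this commit pins its package through `$sources['soledad']['revision']`. Pinning the client to a version from the same source, or using `ensure => installed`, would keep upgrades deliberate; the same applies to `soledad-common` in common.pp. `'python-u1db'` also has no `require => Class['site_apt::leap_repo']`. If it is served from that repository (not visible here), it can be attempted before the repo is configured or resolve from a different source.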
diff --git a/puppet/modules/soledad/manifests/common.pp b/puppet/modules/soledad/manifests/common.pp
index 8a1d664a..8d8339d4 100644
--- a/puppet/modules/soledad/manifests/common.pp
+++ b/puppet/modules/soledad/manifests/common.pp
@@ -1,10 +1,8 @@
+# install soledad-common, both needed both soledad-client and soledad-server
class soledad::common {
- include soledad
-
package { 'soledad-common':
- ensure => latest,
- require => User['soledad']
+ ensure => latest;
}
}
diff --git a/puppet/modules/soledad/manifests/init.pp b/puppet/modules/soledad/manifests/init.pp
deleted file mode 100644
index 7cf0b729..00000000
--- a/puppet/modules/soledad/manifests/init.pp
+++ /dev/null
@@ -1,29 +0,0 @@
-class soledad {
-
- group { 'soledad':
- ensure => present,
- allowdupe => false;
- }
-
- user { 'soledad':
- ensure => present,
- allowdupe => false,
- gid => 'soledad',
- home => '/srv/leap/soledad',
- require => Group['soledad'];
- }
-
- file {
- '/srv/leap/soledad':
- ensure => directory,
- owner => 'soledad',
- group => 'soledad',
- require => User['soledad'];
-
- '/var/lib/soledad':
- ensure => directory,
- owner => 'soledad',
- group => 'soledad',
- require => User['soledad'];
- }
-}
diff --git a/puppet/modules/soledad/manifests/server.pp b/puppet/modules/soledad/manifests/server.pp
index b71fab69..8674f421 100644
--- a/puppet/modules/soledad/manifests/server.pp
+++ b/puppet/modules/soledad/manifests/server.pp
@@ -1,11 +1,14 @@
+# setup soledad-server
class soledad::server {
tag 'leap_service'
- include soledad
- include site_apt::preferences::twisted
- $soledad = hiera('soledad')
- $couchdb_user = $soledad['couchdb_soledad_user']['username']
- $couchdb_password = $soledad['couchdb_soledad_user']['password']
+ include site_config::default
+ include soledad::common
+
+ $soledad = hiera('soledad')
+ $couchdb_user = $soledad['couchdb_soledad_user']['username']
+ $couchdb_password = $soledad['couchdb_soledad_user']['password']
+ $couchdb_leap_mx_user = $soledad['couchdb_leap_mx_user']['username']
$couchdb_host = 'localhost'
$couchdb_port = '5984'
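Review bot: `$couchdb_leap_mx_user` is taken from hiera without a check, and the template in this commit writes it straight into the `[database-security]` `members` line. If the `couchdb_leap_mx_user` key is absent from a node's data (the hiera data is not visible here), the catalog either fails on the lookup or renders a members list with an empty entry. A guard such as `if ! $couchdb_leap_mx_user { fail('soledad: couchdb_leap_mx_user username missing in hiera') }` would make that failure explicit. The class body continues outside this hunk.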
@@ -22,20 +25,34 @@ class soledad::server {
# SOLEDAD CONFIG
#
- file { '/etc/leap/soledad-server.conf':
- content => template('soledad/soledad-server.conf.erb'),
- owner => 'soledad',
- group => 'soledad',
- mode => '0600',
- notify => Service['soledad-server'],
- require => Class['soledad'];
+ file {
+ '/etc/soledad':
+ ensure => directory,
+ owner => 'root',
+ group => 'root',
+ mode => '0755';
+ '/etc/soledad/soledad-server.conf':
+ content => template('soledad/soledad-server.conf.erb'),
+ owner => 'soledad',
+ group => 'soledad',
+ mode => '0640',
+ notify => Service['soledad-server'],
+ require => [ User['soledad'], Group['soledad'] ];
+ '/srv/leap/soledad':
+ ensure => directory,
+ owner => 'soledad',
+ group => 'soledad',
+ require => [ User['soledad'], Group['soledad'] ];
+ '/var/lib/soledad':
+ ensure => directory,
+ owner => 'soledad',
+ group => 'soledad',
+ require => [ User['soledad'], Group['soledad'] ];
}
package { $sources['soledad']['package']:
ensure => $sources['soledad']['revision'],
- require => [
- Class['site_apt::preferences::twisted'],
- Class['site_apt::leap_repo'] ];
+ require => Class['site_apt::leap_repo'];
}
file { '/etc/default/soledad':
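Review bot: `/etc/soledad/soledad-server.conf` moves from `0600` to `0640` while its template still writes the CouchDB password into `couch_url`, so every account in group `soledad` can now read that credential, including the `soledad-admin` user added later in this file with `gid => 'soledad'`. If group read is intended so that create-user-db can read the file (not visible in this diff), a comment would record that, e.g. `# 0640: soledad-admin (group soledad) reads this file; it contains the couchdb password`. `/srv/leap/soledad` and `/var/lib/soledad` are declared without `mode`, so their permissions are left to whatever already exists on disk; `mode => '0750'` on each would pin them if nothing outside the group needs access. The class body starts and ends outside this hunk.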
@@ -44,7 +61,7 @@ class soledad::server {
group => 'soledad',
mode => '0600',
notify => Service['soledad-server'],
- require => Class['soledad'];
+ require => [ User['soledad'], Group['soledad'] ];
}
service { 'soledad-server':
@@ -52,7 +69,7 @@ class soledad::server {
enable => true,
hasstatus => true,
hasrestart => true,
- require => Class['soledad'],
+ require => [ User['soledad'], Group['soledad'] ],
subscribe => [
Package['soledad-server'],
Class['Site_config::X509::Key'],
@@ -62,4 +79,26 @@ class soledad::server {
include site_shorewall::soledad
include site_check_mk::agent::soledad
+
+ # set up users, group and directories for soledad-server
+ # although the soledad users are already created by the
+ # soledad-server package
+ group { 'soledad':
+ ensure => present,
+ system => true,
+ }
+ user {
+ 'soledad':
+ ensure => present,
+ system => true,
+ gid => 'soledad',
+ home => '/srv/leap/soledad',
+ require => Group['soledad'];
+ 'soledad-admin':
+ ensure => present,
+ system => true,
+ gid => 'soledad',
+ home => '/srv/leap/soledad',
+ require => Group['soledad'];
+ }
}
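Review bot: `soledad-admin` is given the same primary group (`gid => 'soledad'`) and the same home (`/srv/leap/soledad`) as `soledad`, which weakens the separation that `create_cmd = sudo -u soledad-admin …` in the template appears to aim for: anything group-readable or group-writable for `soledad` is shared between the server account and the admin account. A dedicated group for `soledad-admin`, or a comment explaining why the shared group is required, would make the intended boundary clear. Neither user sets `shell`; unless the package already does so, `shell => '/usr/sbin/nologin'` on both would stop them being used for interactive logins. The comment above says the package creates these users already, so it is worth confirming that these attributes match what the package sets.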
diff --git a/puppet/modules/soledad/templates/soledad-server.conf.erb b/puppet/modules/soledad/templates/soledad-server.conf.erb
index 47d1f6e4..1c6a0d19 100644
--- a/puppet/modules/soledad/templates/soledad-server.conf.erb
+++ b/puppet/modules/soledad/templates/soledad-server.conf.erb
@@ -1,3 +1,12 @@
[soledad-server]
-couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
+couch_url = http://<%= @couchdb_user %>:<%= @couchdb_password %>@<%= @couchdb_host %>:<%= @couchdb_port %>
+create_cmd = sudo -u soledad-admin /usr/bin/create-user-db
+admin_netrc = /etc/couchdb/couchdb-soledad-admin.netrc
+
+[database-security]
+members = <%= @couchdb_user %>, <%= @couchdb_leap_mx_user %>
+# not needed, but for documentation:
+# members_roles = replication
+# admins = admin
+# admins_roles = replication
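Review bot: `create_cmd` and `admin_netrc` depend on two things this diff does not manage: a sudoers rule allowing `soledad` to run `/usr/bin/create-user-db` as `soledad-admin`, and the file `/etc/couchdb/couchdb-soledad-admin.netrc`. The netrc presumably holds CouchDB admin credentials, and server.pp puts `soledad-admin` in group `soledad`. The file therefore needs to be owned by `soledad-admin` with mode `0400`; if it is group-readable, the server process can read the admin credentials itself and the sudo hop protects nothing. A comment above `create_cmd` naming where the sudoers rule and the netrc are managed would make that dependency checkable. `couch_url` still carries the password over plain `http://`, which is tolerable only while `$couchdb_host` stays `localhost`.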